authorIstvan Kurucsai <pistukem@gmail.com>2018-01-12 15:26:20 +0100
committerFlorian Weimer <fweimer@redhat.com>2018-01-12 15:26:20 +0100
commit249a5895f120b13290a372a49bb4b499e749806f (patch)
tree5112f07eaffc8203361ff59ab4bd941bd59aa91c
parent1a51e46e4a87e1cd9528ac5e5656011636e4086b (diff)
malloc: Ensure that the consolidated fast chunk has a sane size.
-rw-r--r--ChangeLog4
-rw-r--r--malloc/malloc.c6
2 files changed, 10 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
index 72aaf78cf2..fb280c1de5 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+2018-01-12  Istvan Kurucsai  <pistukem@gmail.com>
+
+	* malloc/malloc.c (malloc_consolidate): Add size check.
+
 2018-01-12  Florian Weimer  <fweimer@redhat.com>
 
 	* support/write_message.c (write_message): Preserve errno.
diff --git a/malloc/malloc.c b/malloc/malloc.c
index 48106f9bd4..f5aafd2c05 100644
--- a/malloc/malloc.c
+++ b/malloc/malloc.c
@@ -4431,6 +4431,12 @@ static void malloc_consolidate(mstate av)
     p = atomic_exchange_acq (fb, NULL);
     if (p != 0) {
       do {
+	{
+	  unsigned int idx = fastbin_index (chunksize (p));
+	  if ((&fastbin (av, idx)) != fb)
+	    malloc_printerr ("malloc_consolidate(): invalid chunk size");
+	}
+
 	check_inuse_chunk(av, p);
 	nextp = p->fd;
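Review bot: The block added at the top of the `do` loop in malloc_consolidate has no comment naming the invariant it enforces, so the bare `{ }` scope reads as leftover structure rather than a heap-integrity check. A comment directly above it would make the intent explicit, for example `/* Every chunk on this list must have a size that maps back to the fastbin being drained (fb); a mismatch means the chunk header or the list link is corrupt, so abort before the chunk is consolidated. */`. The test covers only the size-to-bin mapping: `chunksize (p)` already reads through `p` before anything about `p` itself has been validated, so an alignment test ahead of it may be worth adding if this file has a helper for that (none is visible here). The loop body and the rest of the function continue outside the hunk.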